<?php
/**
  * Вызывается в методе
  *
***/
require_once(X2 . '/classes/myDB/myDB.class.php');

$db =& myDB::getConnection2(
  "mysql://" . X2_SQL_USER .":". X2_SQL_PASS ."@". X2_SQL_HOST ."/". X2_SQL_DB
);
if(!$db) return false;
$db -> query("SET NAMES '".X2_SQL_DEFAULT_CHARSET."'");

if(!isset ($docId)){
  $docId = intval($this -> doc -> get_attribute('id'));
}

$action = isset($_GET['action'])? $_GET['action'] : "";
$page = isset($_GET['page'])? intval($_GET['page']) : 0;

$offset = $page * 10;

switch($action){
  case 'delete':
  	if($this -> user-> userInfo['moderate'] == 1 && isset($_GET['comment']) && intval($_GET['comment']) > 0){
  	  $db -> query(
  	    "DELETE FROM `axe_comments` WHERE id=". intval($_GET['comment'])
  	  );
    }
    header("Location: ". $_GET['redir']);
    exit;
  break;

  case 'update';
  break;

  default: // add?
  	if($this -> user -> userInfo['comment'] == 1 && count($_POST) > 0 && isset($_POST['comments']) && $_POST['comments'] = 1){
  	  $db -> query(
  	    "INSERT INTO `axe_comments`
        (docId, userName, userMail,  tstamp, userIP, subj, message, state)
        VALUES (
          {$docId},
          '". $db -> quote($_POST['userName']) ."',
          '". $db -> quote($_POST['userMail']) ."',
          ". time() .",
          '". $db -> quote($_POST['remoteIP']) ."',
          '". $db -> quote($_POST['subj']) ."',
          '". $db -> quote($_POST['message']) ."',
          2
        )"
  	  );
//  	  var_export($db);exit;
  	  header("Location: ". (isset($_POST['redir'])? $_POST['redir'] : $_SERVER['REDIRECT_URL']));
  	  exit;
  	}
?>
<div id="comments">
<?php
    $messages = $db -> arrayQuery(
      "SELECT * FROM `axe_comments`
      WHERE docId={$docId}
      ORDER BY tstamp DESC
      LIMIT {$offset}, 10",
      "id"
    );
    $count = $db -> getSingle(
      "SELECT COUNT(*) AS c FROM `axe_comments` WHERE docId={$docId}",
      "c"
    );

    if(count($messages) > 0){
    pager($_SERVER['REDIRECT_URL'], $count, $page+1);
?>
<ul>
<?php
      foreach($messages as $id => $data){
?>
    <li class="comment" id="comment-<?php echo $id ?>">
      <div class="comment-head">
        <span class="date"><?php echo humanDate($data['tstamp']) ?></span>
        <span class="user"><?php echo $data['userName'] ?></span>
      </div>
      <div class="comment-message">
        <h4 class="title">
<?php
        echo htmlspecialchars($data['subj']);
        if($this -> user -> authorized && $this -> user -> userInfo['moderate'] == 1){
?>
          <a href="<?php echo $_SERVER['REDIRECT_URL'] ?>?action=delete&amp;comment=<?php echo $id,(($page > 0)? '&amp;page='. $page : '') ?>&amp;redir=<?php echo urlencode($_SERVER['REQUEST_URI']) ?>" style="float: right" onclick="return confirm('Вы уверены, что хотите удалить комментарий?')"><img src="/skin/i/delete.gif" border="0" title="удалить [ip: <?php echo $data['userIP'] ?>]" hspace="6" /></a>
<?php
        }
?>
        </h4>
        <p><?php echo nl2br(htmlspecialchars($data['message'])) ?></p>
      </div>
    </li>
<?php
      }
?>
</ul>
<?php
    pager($_SERVER['REDIRECT_URL'], $count, $page+1);
    } elseif ($count == 0) {
?>
<p>Сообщений пока нет - ваше может стать первым.</p>
<?php
    }
}
?>
<form id="comment-form" action="<?php echo $_SERVER['REDIRECT_URL'] ?>" method="post" onmouseover="this.elements['comments'].value=1">
  <input type="hidden" name="docId" value="<?php echo $docId ?>" />
  <input type="hidden" name="redir" value="<?php echo $_SERVER['REQUEST_URI'] ?>" />
  <input type="hidden" name="comments" value="0" />
  <input type="hidden" name="remoteIP" value="<?php echo $_SERVER['REMOTE_ADDR']?>" />
  <table border="0" cellpadding="3" cellspacing="1">
    <tr>
      <td><strong>Тема</strong>:</td>
      <td><input type="text" name="subj" value="" size="60" maxlength="250" /></td>
    </tr>
    <tr>
      <td><strong>Комментарий</strong>:</td>
      <td><textarea name="message" cols="64" rows="10"></textarea></td>
    </tr>
    <tr>
      <td><strong>Ваше имя</strong>:</td>
      <td><input type="text" name="userName" value="" size="60" /></td>
    </tr>
    <tr>
      <td>Ваш e-mail:</td>
      <td><input type="text" name="userMail" value="" size="60" /></td>
    </tr>
    <tr>
      <td></td>
      <td><input type="submit" value="Добавить" /></td>
    </tr>
  </table>
</form>
</div>